> On Oct 7, 2016, at 12:29 AM, Brian Morearty <br...@morearty.org> wrote:
>
> > Ideally testing would have brought the "error" to your attention before it
> > was used in production.
>
> I think the point here was that the coder did not think of this problem.
> Adding a test for it would require thinking of it.
>

My parsing of the previous statement was that *manual* testing could have
caught this - basic, “push the button and see what it does” kind of testing.
I don’t see the utility of a guardrail to prevent “bad” emails from being
generated: people who understand the risks end up having to do a slight amount
of additional ceremony, and people who don’t understand the risks copy-paste
the incantation to “make it work”.
—Matt Jones
> I do think it would be strange for bcc to be the default, though. The only
> alternative I can think of would be a small breaking change: if multiple
> recipients would be able to see each others' emails, require setting an
> `allow_recipients_to_see_each_others_emails` flag. If not set, and multiple
> recipients are on to/cc, raise an error.
>
> I'm not sure how good or bad this would be.
>
>
>
>
> On Thursday, October 6, 2016, Andrew Kaspick <akasp...@gmail.com> wrote:
> I don't think anything should be changed to deal with the api personally.
> The options translate to how email works and to me that's what makes the most
> sense. Ideally testing would have brought the "error" to your attention
> before it was used in production.
>
> On Thu, Oct 6, 2016 at 7:42 AM, <jeremy.fr...@projets2coeur.fr> wrote:
> Hi there,
>
> I've just made this mistake of sending an e-mail to a few hundred people,
> revealing their emails to everyone else.
>
> Usually we loop over the users and send a personalized email to each one of
> them, but for once the email was the same so I went with sending it once.
> That's why I did not even think about the fact that the emails would be
> visible to everyone.
> The "fun" part of it is that I thought I was so clever to enhance performance
> by sending it only once.
>
> Anyway, after having thought about my mistake I realized that most of the
> time when sending the same email to a bunch of people one would almost never
> want the emails to be visible to everyone.
> The exception would be to allow people to reply to one another, like in some
> task management system, but again I think in the majority of cases one
> wouldn't want that.
>
> That's why I think it's best to be cautious by default, maybe by doing a BCC
> send by default unless some other option is provided (`reveal_emails: true`
> ?).
> I think it would be a safe bet because if I'd like others to see the emails I
> most probably will notice while working on the feature that they are not
> visible by default.
> The opposite is not true. Proof is I just totally forgot about this
> "side-effect".
>
> What do you guys think?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ruby on Rails: Core" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to rubyonrails-core+unsubscr...@googlegroups.com.
> To post to this group, send email to rubyonrails-core@googlegroups.com.
> Visit this group at https://groups.google.com/group/rubyonrails-core.
> For more options, visit https://groups.google.com/d/optout.
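
Added example, not part of the thread and not ActionMailer code: a plain-Ruby sketch of the check proposed in the quoted message (raise when several To/Cc recipients would see each other's addresses unless the caller opts in). `Envelope`, `RecipientExposureError`, `check_recipient_exposure!` and `exposure_result` are hypothetical names; `allow_recipients_to_see_each_others_emails` is the flag name suggested in the thread, not an existing Rails option.

```ruby
# Added illustration; Envelope and RecipientExposureError are hypothetical names.
class RecipientExposureError < StandardError; end

Envelope = Struct.new(:to, :cc, :bcc, keyword_init: true) do
  # Distinct addresses that every recipient can read in the To/Cc headers.
  def visible_recipients
    (Array(to) + Array(cc)).map { |a| a.to_s.strip.downcase }.reject(&:empty?).uniq
  end
end

# Raises when more than one address would be visible in To/Cc and the caller
# has not opted in. Bcc addresses are not counted: other recipients do not see them.
def check_recipient_exposure!(envelope, allow_recipients_to_see_each_others_emails: false)
  visible = envelope.visible_recipients
  return envelope if visible.size <= 1 || allow_recipients_to_see_each_others_emails

  raise RecipientExposureError,
        "#{visible.size} recipients would see each other's addresses in To/Cc; " \
        "move them to Bcc or set allow_recipients_to_see_each_others_emails"
end

# Returns :ok or :blocked so callers and tests can assert on the outcome.
def exposure_result(envelope, **opts)
  check_recipient_exposure!(envelope, **opts)
  :ok
rescue RecipientExposureError
  :blocked
end

# Constructed sample addresses (example.com is reserved for documentation).
users = %w[a@example.com b@example.com c@example.com]

mass_to   = Envelope.new(to: users)                              # the mistake described in the thread
mass_bcc  = Envelope.new(to: "noreply@example.com", bcc: users)  # same send, addresses hidden
single    = Envelope.new(to: "a@example.com")                    # per-user loop, one address each
duplicate = Envelope.new(to: ["a@example.com", "A@example.com "]) # same mailbox listed twice

puts exposure_result(mass_to)
puts exposure_result(mass_bcc)
puts exposure_result(mass_to, allow_recipients_to_see_each_others_emails: true)
```

The same `visible_recipients` count can be asserted in a mailer test, which covers the case raised in the replies where the behaviour is left unchanged and caught by testing instead.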